...nterprise Security.
I created a TA called TA_test with eventtypes.conf and tags.conf in the local folder. The following is what my eventtypes.conf and tags.conf look like:
eventtypes.conf
[t...
Hello, I would like to add a tag to our Splunk clients by location. I found how to create eventtypes on the server side, but I am searching to tag all events directly on the client (in server.conf o...
...ead knowledge bundle. But, I have added distsearch.conf in TA where eventtype resides and I can see macros.conf in knowledge bundle getting replicated to search peers. Still I am not able to get r...
...7:33.489 INFO ShutdownHandler - Shutting down splunkd
It seems that on indexer level, the macro is not being expanded if it is called by an eventtype.
eventtypes.conf and macros.conf are d...
...o check tags.conf and eventype.conf, where they mentioned the data model name in the form of a tag, but if tags.conf and eventype.conf is not there then how to identify which data model is b...
...or resource saved/eventtypes [HTTP 409] [{'type': 'ERROR', 'code': None, 'text': 'Cannot overwrite existing app object'}]" 5. We can only CANCEL and get back, where the EventType is shared in A...
Hi all
How do you configure colour coding in general search results? I know I can use the rangemap command but in apps like OSSEC some general results are highlighted in a red border without using...
I would like to find a detailed tutorial on how to create a Splunk app to parse syslogs, with pre-defined field names, not the automatic key/value that Splunk is able to detect. I have syslogs with d...